Class CRLValidator

java.lang.Object

com.itextpdf.signatures.validation.CRLValidator

public class CRLValidator
extends Object

Class that allows you to validate a certificate against a Certificate Revocation List (CRL) Response.

Field Summary

Fields

Modifier and Type	Field	Description
(package private) static final int	ALL_REASONS
(package private) static final String	ATTRIBUTE_CERTS_ASSERTED
private final ValidatorChainBuilder	builder
(package private) static final String	CERTIFICATE_IN_ISSUER_CHAIN
(package private) static final String	CERTIFICATE_IS_EXPIRED
(package private) static final String	CERTIFICATE_IS_NOT_IN_THE_CRL_SCOPE
(package private) static final String	CERTIFICATE_IS_UNREVOKED
(package private) static final String	CERTIFICATE_REVOKED
private final IssuingCertificateRetriever	certificateRetriever
private final Map<Certificate, Integer>	checkedReasonsMask
(package private) static final String	CRL_CHECK
(package private) static final String	CRL_INVALID
(package private) static final String	CRL_ISSUER_CHAIN_FAILED
(package private) static final String	CRL_ISSUER_NO_COMMON_ROOT
(package private) static final String	CRL_ISSUER_NOT_FOUND
(package private) static final String	CRL_ISSUER_REQUEST_FAILED
private static final IBouncyCastleFactory	FACTORY
(package private) static final String	FRESHNESS_CHECK
(package private) static final String	ONLY_SOME_REASONS_CHECKED
private final SignatureValidationProperties	properties
(package private) static final String	SAME_REASONS_CHECK
(package private) static final String	UPDATE_DATE_BEFORE_CHECK_DATE

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	CRLValidator(ValidatorChainBuilder builder)	Creates new CRLValidator instance.

Method Summary

Modifier and Type	Method	Description
private static void	addResponderValidationReport(ValidationReport report, ValidationReport responderReport)
private static int	computeInterimReasonsMask(IIssuingDistributionPoint issuingDistPoint, IDistributionPoint distributionPoint)
private static Date	getExpiredCertsOnCRLExtensionDate(X509CRL crl)
private static IIssuingDistributionPoint	getIssuingDistributionPointExtension(X509CRL crl)
private List<X509Certificate>	getRoots(Certificate cert)
void	validate(ValidationReport report, ValidationContext context, X509Certificate certificate, X509CRL crl, Date validationDate, Date responseGenerationDate)	Validates a certificate against Certificate Revocation List (CRL) Responses.
private void	verifyCrlIntegrity(ValidationReport report, ValidationContext context, X509Certificate certificate, X509CRL crl, Date responseGenerationDate)
private static void	verifyRevocation(ValidationReport report, X509Certificate certificate, Date verificationDate, X509CRL crl)

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

CRL_CHECK

static final String CRL_CHECK

See Also:

• Constant Field Values

ATTRIBUTE_CERTS_ASSERTED

static final String ATTRIBUTE_CERTS_ASSERTED

See Also:

• Constant Field Values

CERTIFICATE_IS_EXPIRED

static final String CERTIFICATE_IS_EXPIRED

See Also:

• Constant Field Values

CERTIFICATE_IS_UNREVOKED

static final String CERTIFICATE_IS_UNREVOKED

See Also:

• Constant Field Values

CERTIFICATE_IS_NOT_IN_THE_CRL_SCOPE

static final String CERTIFICATE_IS_NOT_IN_THE_CRL_SCOPE

See Also:

• Constant Field Values

CERTIFICATE_REVOKED

static final String CERTIFICATE_REVOKED

See Also:

• Constant Field Values

CRL_ISSUER_NOT_FOUND

static final String CRL_ISSUER_NOT_FOUND

See Also:

• Constant Field Values

CRL_ISSUER_REQUEST_FAILED

static final String CRL_ISSUER_REQUEST_FAILED

See Also:

• Constant Field Values

CRL_ISSUER_CHAIN_FAILED

static final String CRL_ISSUER_CHAIN_FAILED

See Also:

• Constant Field Values

CRL_ISSUER_NO_COMMON_ROOT

static final String CRL_ISSUER_NO_COMMON_ROOT

See Also:

• Constant Field Values

CRL_INVALID

static final String CRL_INVALID

See Also:

• Constant Field Values

FRESHNESS_CHECK

static final String FRESHNESS_CHECK

See Also:

• Constant Field Values

ONLY_SOME_REASONS_CHECKED

static final String ONLY_SOME_REASONS_CHECKED

See Also:

• Constant Field Values

SAME_REASONS_CHECK

static final String SAME_REASONS_CHECK

See Also:

• Constant Field Values

UPDATE_DATE_BEFORE_CHECK_DATE

static final String UPDATE_DATE_BEFORE_CHECK_DATE

See Also:

• Constant Field Values

CERTIFICATE_IN_ISSUER_CHAIN

static final String CERTIFICATE_IN_ISSUER_CHAIN

See Also:

• Constant Field Values

ALL_REASONS

static final int ALL_REASONS

See Also:

• Constant Field Values

FACTORY

private static final IBouncyCastleFactory FACTORY

checkedReasonsMask

private final Map<Certificate, Integer> checkedReasonsMask

certificateRetriever

private final IssuingCertificateRetriever certificateRetriever

properties

private final SignatureValidationProperties properties

builder

private final ValidatorChainBuilder builder

Constructor Details

CRLValidator

protected CRLValidator(ValidatorChainBuilder builder)

Creates new CRLValidator instance.

Parameters:

builder - See ValidatorChainBuilder

Method Details

validate

public void validate(ValidationReport report,
 ValidationContext context,
 X509Certificate certificate,
 X509CRL crl,
 Date validationDate,
 Date responseGenerationDate)

Validates a certificate against Certificate Revocation List (CRL) Responses.

Parameters:

report - to store all the chain verification results

context - the context in which to perform the validation

certificate - the certificate to check against CRL response

crl - the crl response to be validated

validationDate - validation date to check for

responseGenerationDate - trusted date at which response is generated

verifyRevocation

private static void verifyRevocation(ValidationReport report,
 X509Certificate certificate,
 Date verificationDate,
 X509CRL crl)

getIssuingDistributionPointExtension

private static IIssuingDistributionPoint getIssuingDistributionPointExtension(X509CRL crl)

getExpiredCertsOnCRLExtensionDate

private static Date getExpiredCertsOnCRLExtensionDate(X509CRL crl)

computeInterimReasonsMask

private static int computeInterimReasonsMask(IIssuingDistributionPoint issuingDistPoint,
 IDistributionPoint distributionPoint)

verifyCrlIntegrity

private void verifyCrlIntegrity(ValidationReport report,
 ValidationContext context,
 X509Certificate certificate,
 X509CRL crl,
 Date responseGenerationDate)

getRoots

private List<X509Certificate> getRoots(Certificate cert)

addResponderValidationReport

private static void addResponderValidationReport(ValidationReport report,
 ValidationReport responderReport)